Instant IMtegrity is flexible and can supply quick results based on your criteria. This can be a valuable time saving technique, with the right adjustment. Instant IMtegrity, combined with the native search and discovery tools provided by Lotus Notes, creates a powerful application to capture, search, and discover IBM Lotus Sametime based chat conversations.

Thursday, November 10, 2011

There is a known bug with the access control of the Administration section of Archive Viewer 4.0.80.

If a user authenticates into the Administration section, and then another user, who should not have access, according to the groups allowed in the "AdminSecurity" key of the web.config, attempts to access, the credentials of the first user are used, rather than those provided by the second user. This only appears to happen if the two logins occur within one minute of each other.

The root of this problem is that page caching is enabled on the landing page of the Admin section. This will be addressed in our next iteration, but for now, we provide the following work-around.

This fix involves modifying the NTFS file permissions of the Admin folder of the InstantAV4 website.

Log in to the server hosting InstantAV4 using an account which you will grant Admin access.

Open IIS Manager, and navigate to the Admin folder of the InstantAV4 website in the side panel. Right-click and select Edit Permissions...

Uncheck Include inheritable permissions from this object's parent. When prompted with the small dialog, select Add.

Add permissions for the users you want to have access to the Admin section. Be sure to select Full Control, as this gives those users all the permissions necessary. Be sure to give permissions to the account that you are logged into the server under!

Remove permissions for other users. Safe entries to remove include Domain Users, Administrators, Local Administrators, Local Users, etc.

Restart the webpage.

Now, when you access the Admin portal, if you provide the credentials of one of the users provisioned, you should have normal access. Using any other account, you will be prompted for credentials, and eventually shown a HTTP 401 - Unauthorized: error page.

Monday, November 7, 2011

With Lync Server 2010, Microsoft has added the ability to do basic examination of archived instant messages. One might ask, then, why an extension tool like Instant Archive Viewer is still necessary.

For a tutorial on how to use Lync's built-in scripts to export conversation data, check here.

While this is a functional method of accessing chat logs, it has a number of limitations:

Requires use of command-line interface, running on the Lync Server machine.

Little ability to fine-tune results - Only able to return all conversations in a date range, or all conversations for a single user.

Can only export conversations as Outlook .eml files, one file per conversation, and these files have unintuitive names, increasing the difficulty of finding the desired conversation.

In comparison, Instant Archive Viewer is a much more powerful application. In addition to the basic functionality that Lync Server provides, Archive Viewer features:

Graphical Web interface that is accessible from anywhere.

Many options to narrow your searches of your IM logs

Ability to search for conversations including arbitrary lists of users

Ability to search conversations between specific users

Ability to search for conversations featuring specific message text.

Ability to search for conversations within a specified timespan, down to the minute, rather than just by date.

Ability to filter search by conversation length

Ability to specify maximum number of results.

Results are are viewable in-browser, and can be printed or saved in PDF and plain text formats.

Queries can be saved, and even scheduled to run on a recurring basis, with results sent by email.

Customizable access levels. It is desirable to limit access to the full database for privacy reasons, but also useful, for example, for a user to view their own chat history, or for a supervisor to have access to his subordinates. Archive Viewer provides this flexibility through customizable Access Control Lists.

So, in summary, while Lync 2010 provides some limited ability to search chat history out-of-the-box, Archive Viewer gives you more powerful searches, a more convenient interface, and more options for exporting your data.

Friday, November 4, 2011

When deploying Instant OCS RealTime recently for a customer, we encountered an interesting bug. Installation progressed smoothly, aside from some AD/SQL Server configuration issues. However, when we attempted to start the services, while the MessageCapture service worked fine, the MessageSending service would silently die after a few seconds. Examining the log files provided no insight, as there were no logged exceptions. At the time, there was no global exception handler when the service is run as a service,

However, when running in TEST mode, we do have a global uncaught exception handler registered. Running the service via the Debug UI enabled us to see the exception which was killing the service, both in our logs and in a MessageBox.

System.TypeInitializationException: The type initializer for 'Microsoft.Rtc.Collaboration.Presence.PresenceCategory' threw an exception. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

at System.Threading._ThreadPoolWaitCallback.PerformWaitCallbackInternal(_ThreadPoolWaitCallback tpWaitCallBack)

at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)

After some searching, we discovered that this is usually the result of having FIPS compliance checking enabled on the server. See here. And indeed, when we enabled FIPS checking in our test environment, we experienced the same behavior.

Fortunately, our customer was not required to have FIPS checking enabled, so it was a simple matter to disable it.

Open regedit on the machine RealTime is installed to.

Navigate to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/FipsAlgorithmPolicy

Edit the Enabled key, and set it to 0.

Close regedit

After disabling FIPS checking, the MessageSending service executed as expected.

Unfortunately, we do not yet have a solution to this problem if FIPS must be enabled. We are investigating the option of using an updated version of the Unified Communications SDK, in the hopes that Microsoft has addressed this issue.